Anat Paskin-Cherniavsky

Non-Interactive Secure Multiparty Computation

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x1,…,x n ) is specified by a joint probability distribution R = (R1,…,R n ) and local encoding functions Enc i (x i ,r i ), 1 ≤ i ≤ n. Given correlated randomness (r1,…,r n ) ∈ R R, each party P i , using its input x i and its randomness r i , computes the message m i = Enc i (x i ,r i ). The messages m1,…,m n can be used to decode f(x1,…,x n ). For a set T ⊆ [n], the protocol is said to be T-robust if revealing the messages \((\mathrm{Enc}_i(x_i,r_i))_{i\not\in T}\) together with the randomness (r i )i ∈ T gives the same information about \((x_i)_{i\not\in T}\) as an oracle access to the function f restricted to these input values. Namely, a coalition T can learn no more than the restriction of f fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For 0 ≤ t ≤ n, the protocol is t-robust if it is T-robust for every T of size at most t and it is fully robust if it is n-robust. A 0-robust NIMPC protocol for f coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994).

Maliciously Circuit-Private FHE

We present a framework for transforming FHE (fully homomorphic encryption) schemes with no circuit privacy requirements into maliciously circuit-private FHE. That is, even if both maliciously formed public key and ciphertext are used, encrypted outputs only reveal the evaluation of the circuit on some well-formed input x*. Previous literature on FHE only considered semi-honest circuit privacy. Circuit-private FHE schemes have direct applications to computing on encrypted data. In that setting, one party (a receiver) holding an input x wishes to learn the evaluation of a circuit C held by another party (a sender). The goal is to make receiver’s work sublinear (and ideally independent) of \(\left\lvert C \right\rvert \), using a 2-message protocol. The transformation technique may be of independent interest, and have various additional applications. The framework uses techniques akin to Gentry’s bootstrapping and conditional disclosure of secrets (CDS [AIR01]) combining a non circuit private FHE scheme, with a homomorphic encryption (HE) scheme for a smaller class of circuits which is maliciously circuit-private. We devise the first known circuit private FHE, by instantiating our framework by various (standard) FHE schemes from the literature.

Secure Computation with Minimal Interaction, Revisited

Motivated by the goal of improving the concrete efficiency of secure multiparty computation (MPC), we revisit the question of MPC with only two rounds of interaction. We consider a minimal setting in which parties can communicate over secure point-to-point channels and where no broadcast channel or other form of setup is available.

Statistical Randomized Encodings: A Complexity Theoretic View

A randomized encoding of a function f(x) is a randomized function \(\hat{f}(x,r)\), such that the “encoding” \(\hat{f}(x,r)\) reveals f(x) and essentially no additional information about x. Randomized encodings of functions have found many applications in different areas of cryptography, including secure multiparty computation, efficient parallel cryptography, and verifiable computation.

Evolving Secret Sharing: Dynamic Thresholds and Robustness

Threshold secret sharing schemes enable a dealer to share a secret among n parties such that only subsets of parties of cardinality at least \(k = k(n)\) can reconstruct the secret. Komargodski, Naor and Yogev (TCC 2016-B) proposed an efficient scheme for sharing a secret among an unbounded number of parties such that only subsets of k parties can recover the secret, where k is any fixed constant. This access structure is known as k-threshold. They left open the possibility of an efficient scheme for the dynamic threshold access structure, in which the qualified sets are of increasing size as the number of parties increases. We resolve this open problem and present a construction in which the share size of the t-th party is \(O(t^4\cdot \log t)\) bits.

Secure Two-Party Computation over Unreliable Channels

We consider information-theoretic secure two-party computation in the plain model where no reliable channels are assumed, and all communication is performed over the binary symmetric channel (BSC) that flips each bit with fixed probability. In this reality-driven setting we investigate feasibility of communication-optimal noise-resilient semi-honest two-party computation i.e., efficient computation which is both private and correct despite channel noise.

Locally Decodable Codes for Edit Distance

Locally decodable codes (LDC) [1,9] are error correcting codes that allow decoding (any) individual symbol of the message, by reading only few symbols of the codeword. LDC’s, originally considered in the setting of PCP’s [1], have found other additional applications in theory of CS, such as PIR in cryptography, generating a lot of fascinating work (see [12] and references within). In one straightforward practical application to storage, such codes provide enormous efficiency gains over standard error correcting codes (ECCs), that need to read the entire encoded message to learn even a single bit of the encoded message. Typically, LDC’s, as well as standard ECC’s are designed to decode the encoded message if up to some bounded fraction of the symbols had been modified. This corresponds to decoding strings of bounded Hamming distance from a valid codeword. A stronger natural metric is the edit distance, measuring the shortest sequence of insertions and deletions (indel.) of symbols leading from one word to another. Standard ECC’s for edit distance have been previously considered [11]. Furthermore, [11] devised codes with rate and distance (error tolerance) optimal up to constants, with efficient encoding and decoding procedures. However, combining these two useful settings of LDC, and robustness against indel. errors has never been considered.